We keep abreast of the latest cyber attacks and here’s one that we’re seeing a lot of coverage on that we think you should know about – SamSam.
Ransomware is a hot topic these days. We’re seeing it in the headlines far more than we’d like. The trick about digital attacks like this, and most malware attacks in general, is the ever-changing nature of them. The ransomware attacks we saw a year ago aren’t the same as they are today. Here’s an update on some of the latest variations.
Attackers have adopted new strategies for infiltrating networks, improved their ability to do damage, and, just as important, have embraced sophisticated growth-enabling business models.
For example, users have been getting training on not clicking on malicious attachments or visiting malicious sites, and anti-malware vendors have been getting better at spotting those sites and attachments. But worms spread themselves without the user needing to do anything at all. “The worm will look and scan its surroundings on the network that have the vulnerability that it is looking to exploit, and copies itself onto the exploited machines,” says Robert Simmons, director of research innovation at ThreatConnect, Inc., a security vendor based in Arlington, Va.
A company that has a vulnerable machine connected to the internet is an easy target, for example. If a company has locked down all its public-facing computers, an employee might use a mobile device or laptop to connect to an insecure network that has another infected machine on it, Simmons says.
Then, once the employee is back on the company network, the ransomware can spread from there. Once inside, the attackers don’t necessarily launch the encryption right away, he adds.
“With Petya, they found that in addition to its ransomware capabilities, it had a tool to provide an additional capability of attacking Windows domain controllers, the locations where the credentials and passwords to your network were kept,” he says. “So they’re branching into other capabilities that would let them pivot around the network.”
The attackers can steal data, for example, or do other damage. Then the ransomware will go off, and help the attackers cover their tracks. “The ransomware would be used as a smokescreen,” he says. “It would make it more difficult for a responder to find evidence of the original attack.”
With the rate of change associated with these attacks, unfortunately there is no simple solution. However, by following some simple best practices for data security, like keeping your software and antivirus up-to-date and backing up your data regularly, you can lessen the likelihood of catastrophic data loss. The IT experts at Great Lakes Computer can help. We can not only provide you with best-in-class protective software and backup, we can also remotely monitor your network for suspicious activity. Data security is a full-time job and we’re here to take on that role.
A new hack has been announced and it’s affecting over 2 million users. The infected application is called CCleaner and it’s one that even we have mentioned in the past because it’s free and works well for cleaning up files to remove clutter from your hard drive. But, as with so many other breaches, when you’re dealing with free software, sometimes you get what you paid for.
From a Forbes article:
It has 2 billion downloads and claims to be getting 5 million extra a week, making the threat particularly severe, researchers at Cisco Talos warned. Comparing it to the NotPetya ransomware outbreak, which spread after a Ukrainian accounting app was infected, the researchers discovered the threat on September 13 after CCleaner 5.33 caused Talos systems to flag malicious activity.
Further investigation found the CCleaner download server was hosting the backdoored app as far back as September 11. Talos warned in a blog Monday that the affected version was released on August 15, but on September 12 an untainted version 5.34 was released. For weeks then, the malware was spreading inside supposedly legitimate security software.
The malware would send encrypted information about the infected computer – the name of the computer, installed software and running processes – back to the hackers’ server. The hackers also used what’s known as a domain generation algorithm (DGA); whenever the crooks’ server went down, the DGA could create new domains to receive and send stolen data. Use of DGAs shows some sophistication on the part of the attackers.
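To make the DGA idea concrete, here is a small worked example. It is an added illustration, not code from this article, from the Forbes piece, or from the Cisco Talos research, and it does not reproduce the real CCleaner algorithm: the seed, the hash-based generator, the date (2017-09-13, taken from the article’s timeline) and the DNS log lines are all constructed. The second half shows the defender’s side: a simple entropy-and-length heuristic a network monitor can run over DNS queries to surface names that look machine-generated rather than human-chosen.

```python
"""Toy domain generation algorithm (DGA) plus a defender-side triage heuristic.

Constructed example: the seed, the generated domains and the DNS log below are
invented for illustration and are unrelated to the actual CCleaner campaign.
"""
import hashlib
import math
from datetime import date


def generate_domains(seed: str, day: date, count: int = 5, tld: str = "com") -> list[str]:
    """Derive `count` rendezvous domains for one calendar day.

    Malware and operator share `seed`; both can compute the same list for any
    date, so when one domain is taken down the implant simply tries the next.
    Each label is the first 16 hex characters of SHA-256(seed | ISO date | index).
    """
    domains = []
    for i in range(count):
        material = f"{seed}|{day.isoformat()}|{i}".encode()
        label = hashlib.sha256(material).hexdigest()[:16]
        domains.append(f"{label}.{tld}")
    return domains


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for the empty string)."""
    if not text:
        return 0.0
    counts: dict[str, int] = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_algorithmic(domain: str, min_len: int = 12, min_entropy: float = 3.0) -> bool:
    """Heuristic: a long second-level label with high character entropy and few
    vowels.  Human-chosen names tend to be short or pronounceable; hash-derived
    labels are neither.  Expect false positives on CDN and cloud hostnames, so
    treat a hit as a triage signal, not a verdict."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return False
    sld = labels[-2]  # second-level label, e.g. "example" in www.example.com
    if not sld:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in sld) / len(sld)
    return (len(sld) >= min_len
            and shannon_entropy(sld) >= min_entropy
            and vowel_ratio < 0.3)


# Constructed DNS query log: "<timestamp> <client-ip> <queried-name>" per line.
SAMPLE_DNS_LOG = """\
2017-09-13T08:01:02Z 10.0.0.15 www.example.com
2017-09-13T08:01:05Z 10.0.0.15 xq7vk2zp9wm4rt3b.com
2017-09-13T08:01:09Z 10.0.0.22 update.example.net
2017-09-13T08:01:11Z 10.0.0.15 support.example.org
"""


def flag_suspicious(dns_log: str) -> list[str]:
    """Return the queried names in `dns_log` that look algorithmically generated."""
    flagged = []
    for line in dns_log.strip().splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines rather than crash the monitor
        qname = parts[2]
        if looks_algorithmic(qname):
            flagged.append(qname)
    return flagged


if __name__ == "__main__":
    for d in generate_domains("demo-seed", date(2017, 9, 13)):
        verdict = "algorithmic" if looks_algorithmic(d) else "benign-looking"
        print(f"{d:28} {verdict}")
    print("flagged in log:", flag_suspicious(SAMPLE_DNS_LOG))
```

The point of the generator is that it is deterministic: the same seed and date always yield the same list, which is exactly why sinkholing or registering tomorrow’s domains ahead of the attacker is a standard takedown tactic once a DGA has been reverse-engineered. The heuristic is deliberately crude; in practice it is combined with NXDOMAIN rate, domain age and reputation feeds before anyone is paged.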
The Chief Technology Officer at the parent company, Avast, says there is no reason to fear. They launched an automatic update to users that downloaded the infected version of the software in the last couple of weeks. This should also serve as a warning for users that have disabled automatic updates that you should take a moment to install yours immediately.
They also believe that they stopped the attack before any significant data was stolen, believing that the hackers intended a second phase of attack that was thwarted by quick detection and remediation.
If you’re uncertain about how effective your current cybersecurity solution is, contact us. We offer a range of antivirus and monitoring services, as well as backup and recovery (which may be the best solution to cybercrime there is).